Date: Thu, 26 Feb 1998 16:13:37 -0800
From: "Eric A. Davis" <edavis@nas.nasa.gov>
To: LOlayiwola <LOlayiwola@aol.com>
Cc: questions@FreeBSD.ORG
Subject: Re: Unix System Security
Message-ID: <199802270013.QAA20942@shark.nas.nasa.gov>
In-Reply-To: miker's message of Thu, 26 Feb 1998 19:30:06 -0400.<Pine.BSF.3.96.980226191718.12794A-100000@scifair.acadiau.ca>

On Thu, 26 Feb 1998 19:30:06 -0400 (AST) Michael Richards wrote

>> 2) How could I as a security advisor advise a network administrator to cater
>> for this security problem.
>
>One important thing is to educate the users. Have them pick good
>passwords. Something like foobar is not a good password, nor is 555-2344,
>or julie. People who don't know any better commonly choose passwords like
>this. Take person X, he is going out with someone named Julie, and his
>phone number is 555-2344. Not hard to guess his password.
>
>If the cracker is able to get the passwd file they can run something
>called a dictionary crack on it. That involves going through the
>dictionary and trying permutations of words and numbers and trying them
>against the users. Someone with a bad password may match one of the
>program's guesses.
>
>A password like: 3%gP)3s would be a good one because it is not
>pronounceable, an English word it is not, hence there is little chance of a
>dictionary crack getting it. Also, if someone saw the 1st 3 characters,
>they couldn't guess the rest. Juli, if you knew the person, would be an
>easy guess.
>

To combat against users choosing bad passwords you should install
a 'passwd' app that pro-actively checks the password. That is, checks
the password's integrity before it is changed.

Some excellent 'passwd' apps are Epasswd, passwd+, and npasswd.

The Epasswd homepage also has some good statistics about password
permutations.

http://www.nas.nasa.gov/~edavis/epasswd/

- eric

--
Eric Allen Davis             Network Engineer
edavis@nas.nasa.gov          NASA Ames Research Center
Voice: (415)604-2543         NAS Systems Division
Pager: (415)428-6931         http://www.nas.nasa.gov/~edavis

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
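
The proactive check described in the message above, sketched as an added example (it is not part of the original e-mail and is not code from Epasswd, passwd+ or npasswd). The word list, the user data, the function names and the min_len value are all assumptions made for illustration.

```python
import re

# Constructed sample word list; a real checker would load a full dictionary.
WORDLIST = {"foobar", "julie", "password", "secret", "dragon"}
# Digit/symbol substitutions that cracking tools undo when permuting words.
LEET = str.maketrans("013457@$!", "oieastasi")
EDGE = "0123456789!@#$%^&*()-_=+."


def variants(password):
    """Return the normalised forms that a dictionary attack would reach."""
    low = password.lower()
    stripped = low.strip(EDGE)            # word with digits/symbols around it
    forms = {low, stripped, low.translate(LEET), stripped.translate(LEET)}
    forms |= {f[::-1] for f in forms}     # reversed words
    return forms - {""}


def alnum(text):
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password, personal=(), min_len=7):
    """Return the reasons to reject `password`; an empty list means accept.

    `personal` holds strings tied to the user (partner's name, phone number).
    min_len=7 is an assumed policy value, not one taken from the message.
    """
    reasons = []
    if len(password) < min_len:
        reasons.append("too short")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"))
    if classes < 3:
        reasons.append("too few character classes")
    if variants(password) & WORDLIST:
        reasons.append("dictionary word")
    pw = alnum(password)
    for item in map(alnum, personal):
        # Either string containing the other counts, so "Juli" hits "Julie".
        if min(len(pw), len(item)) >= 4 and (pw in item or item in pw):
            reasons.append("personal information")
            break
    return reasons


if __name__ == "__main__":
    user = ("Julie", "555-2344")          # constructed sample user data
    for pw in ("foobar", "555-2344", "julie", "Juli", "Julie1998!", "3%gP)3s"):
        print(f"{pw!r:14} {check_password(pw, user) or 'accepted'}")
```

A passwd wrapper would call check_password before writing the new hash and refuse the change when the returned list is not empty.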